2019-08-03 20:09:02 +00:00
|
|
|
global
|
|
|
|
tune.ssl.default-dh-param 2048
|
2020-01-19 17:10:37 +00:00
|
|
|
ssl-default-bind-options ssl-min-ver TLSv1.2
|
2019-08-03 20:09:02 +00:00
|
|
|
maxconn 2048
|
|
|
|
maxconnrate 40
|
2019-12-27 14:14:04 +00:00
|
|
|
uid 65534
|
|
|
|
gid 65533
|
|
|
|
node "$HOSTNAME"
|
2020-01-09 14:53:30 +00:00
|
|
|
stats socket /haproxy/haproxy.sock mode 660 level admin
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-03 20:09:02 +00:00
|
|
|
defaults
|
|
|
|
mode http
|
2019-12-27 12:57:00 +00:00
|
|
|
retries 1
|
2019-08-03 20:09:02 +00:00
|
|
|
option forwardfor
|
|
|
|
option http-keep-alive
|
|
|
|
option tcp-smart-connect
|
|
|
|
option tcpka
|
|
|
|
option http-buffer-request
|
2020-01-19 17:10:37 +00:00
|
|
|
balance roundrobin
|
2020-01-15 20:25:49 +00:00
|
|
|
compression algo gzip
|
2019-08-03 20:09:02 +00:00
|
|
|
timeout http-request 10s
|
2019-12-27 12:57:00 +00:00
|
|
|
timeout connect 10s
|
|
|
|
timeout client 60s
|
2019-08-03 20:09:02 +00:00
|
|
|
timeout server 240s
|
2019-12-27 12:57:00 +00:00
|
|
|
timeout http-keep-alive 240s
|
2020-01-19 17:10:37 +00:00
|
|
|
default-server resolvers dockerdns init-addr libc,none
|
2019-08-03 20:09:02 +00:00
|
|
|
|
|
|
|
resolvers dockerdns
|
|
|
|
nameserver docker 127.0.0.11:53
|
|
|
|
resolve_retries 2
|
|
|
|
timeout retry 300ms
|
2019-11-30 15:19:03 +00:00
|
|
|
hold other 100ms
|
|
|
|
hold refused 100ms
|
|
|
|
hold nx 100ms
|
|
|
|
hold timeout 3s
|
|
|
|
hold valid 1s
|
2019-08-03 20:09:02 +00:00
|
|
|
|
|
|
|
frontend https
|
|
|
|
mode http
|
2019-12-27 14:14:04 +00:00
|
|
|
bind *:80 defer-accept
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-03 20:09:02 +00:00
|
|
|
acl root url /
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-03 20:09:02 +00:00
|
|
|
acl public_cache res.hdr(content-type) -i -m str text/css -i -m str application/javascript -i -m beg font/
|
|
|
|
acl private_cache res.hdr(content-type) -i -m beg image/ -i -m beg audio/ -i -m beg video/ -i -m beg text/ -i -m beg application/
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-12-12 12:55:10 +00:00
|
|
|
acl grafana hdr_beg(host) -i stats.redxen.eu
|
|
|
|
acl git hdr_beg(host) -i git.redxen.eu
|
|
|
|
acl transmission hdr_beg(host) -i seed.redxen.eu
|
|
|
|
acl seedown hdr_beg(host) -i sd.redxen.eu
|
|
|
|
acl homepage hdr_beg(host) -i redxen.eu
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-03 20:09:02 +00:00
|
|
|
redirect location /index.html code 301 if homepage root
|
2019-09-26 15:36:43 +00:00
|
|
|
redirect location /web/ code 301 if transmission root
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-05 12:59:55 +00:00
|
|
|
http-response replace-header Set-Cookie (.*) \1;\ Secure
|
|
|
|
http-response add-header X-Forwarded-Proto https
|
2019-12-11 18:32:47 +00:00
|
|
|
|
|
|
|
http-response set-header Cache-Control public\ max-age=31536000 if public_cache ! private_cache
|
2019-08-03 20:09:02 +00:00
|
|
|
http-response set-header Cache-Control private\ max-age=86400\ must-revalidate if private_cache
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-03 20:09:02 +00:00
|
|
|
http-response set-header X-XSS-Protection 1;\ mode=block
|
|
|
|
http-response set-header X-Content-Type-Options nosniff
|
|
|
|
http-response set-header Referrer-Policy no-referrer-when-downgrade
|
|
|
|
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload
|
2019-12-11 18:32:47 +00:00
|
|
|
|
2019-08-03 20:09:02 +00:00
|
|
|
use_backend grafana if grafana
|
2019-12-11 18:32:47 +00:00
|
|
|
use_backend git if git
|
2019-08-03 20:09:02 +00:00
|
|
|
use_backend transmission if transmission
|
|
|
|
use_backend homepage if homepage
|
2019-08-23 08:01:18 +00:00
|
|
|
use_backend seedown if seedown
|
2019-08-03 20:09:02 +00:00
|
|
|
|
|
|
|
backend homepage
|
2020-01-19 17:10:37 +00:00
|
|
|
server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80
|
2019-08-03 20:09:02 +00:00
|
|
|
http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
|
|
|
|
http-request set-header Connection \"\"
|
|
|
|
|
|
|
|
backend grafana
|
2020-01-19 17:10:37 +00:00
|
|
|
server-template grafana-docker 5 tasks.tig_grafana:3000 check
|
2019-08-03 20:09:02 +00:00
|
|
|
option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
|
|
|
|
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
|
|
|
|
|
2019-12-11 18:32:47 +00:00
|
|
|
backend git
|
2020-01-19 17:10:37 +00:00
|
|
|
server git-docker tasks.git_gitea:3000 check
|
2019-12-11 18:32:47 +00:00
|
|
|
option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu
|
2019-08-05 22:43:45 +00:00
|
|
|
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
|
2019-08-03 20:09:02 +00:00
|
|
|
|
|
|
|
backend transmission
|
2020-01-19 17:10:37 +00:00
|
|
|
server transmission-docker tasks.seedbox_transmission:9091 check
|
2019-08-03 20:09:02 +00:00
|
|
|
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
|
|
|
|
|
2019-08-23 08:01:18 +00:00
|
|
|
backend seedown
|
2020-01-19 17:10:37 +00:00
|
|
|
server httpd-seedown tasks.seedbox_httpd:80 check
|